Chromium Code Reviews Chromium Code Reviews
Issue 2655873002:
Get enrollment token from DMServer when an Active Directory user uses ARC (Closed)
| Index: chrome/browser/chromeos/arc/arc_auth_service.cc |
| diff --git a/chrome/browser/chromeos/arc/arc_auth_service.cc b/chrome/browser/chromeos/arc/arc_auth_service.cc |
| index b765ba6573cb5089d4248811087ed757671c2011..4633c266fa95e3c66c5ff7c54ebdafadc8316c23 100644 |
| --- a/chrome/browser/chromeos/arc/arc_auth_service.cc |
| +++ b/chrome/browser/chromeos/arc/arc_auth_service.cc |
| @@ -11,15 +11,18 @@ |
| #include "base/memory/ptr_util.h" |
| #include "chrome/browser/chromeos/arc/arc_optin_uma.h" |
| #include "chrome/browser/chromeos/arc/arc_session_manager.h" |
| -#include "chrome/browser/chromeos/arc/auth/arc_auth_code_fetcher.h" |
| +#include "chrome/browser/chromeos/arc/auth/arc_active_directory_enrollment_token_fetcher.h" |
| +#include "chrome/browser/chromeos/arc/auth/arc_auth_info_fetcher.h" |
| #include "chrome/browser/chromeos/arc/auth/arc_background_auth_code_fetcher.h" |
| #include "chrome/browser/chromeos/arc/auth/arc_manual_auth_code_fetcher.h" |
| #include "chrome/browser/chromeos/arc/auth/arc_robot_auth_code_fetcher.h" |
| #include "chrome/browser/chromeos/arc/policy/arc_policy_util.h" |
| +#include "chrome/browser/chromeos/profiles/profile_helper.h" |
| #include "chrome/browser/lifetime/application_lifetime.h" |
| #include "chromeos/chromeos_switches.h" |
| #include "components/arc/arc_bridge_service.h" |
| #include "components/arc/arc_features.h" |
| +#include "components/user_manager/user_manager.h" |
| #include "content/public/browser/browser_thread.h" |
| namespace arc { |
| @@ -86,25 +89,30 @@ class ArcAuthService::AccountInfoNotifier { |
| account_info_callback_(account_info_callback) {} |
| void Notify(bool is_enforced, |
| - const std::string& auth_code, |
| + const std::string& auth_info, |
| mojom::ChromeAccountType account_type, |
| bool is_managed) { |
| switch (callback_type_) { |
| case CallbackType::AUTH_CODE: |
| DCHECK(!auth_callback_.is_null()); |
| - auth_callback_.Run(auth_code, is_enforced); |
| + auth_callback_.Run(auth_info, is_enforced); |
| break; |
| case CallbackType::AUTH_CODE_AND_ACCOUNT: |
| DCHECK(!auth_account_callback_.is_null()); |
| - auth_account_callback_.Run(auth_code, is_enforced, account_type); |
| + auth_account_callback_.Run(auth_info, is_enforced, account_type); |
| break; |
| case CallbackType::ACCOUNT_INFO: |
| DCHECK(!account_info_callback_.is_null()); |
| mojom::AccountInfoPtr account_info = mojom::AccountInfo::New(); |
| - if (!is_enforced) { |
| - account_info->auth_code = base::nullopt; |
| + if (account_type == |
| + mojom::ChromeAccountType::ACTIVE_DIRECTORY_ACCOUNT) { |
| + account_info->enrollment_token = auth_info; |
| } else { |
| - account_info->auth_code = auth_code; |
| + if (!is_enforced) { |
|
Luis Héctor Chávez
2017/01/31 18:01:09
nit: elide braces (or use a ternary).
Marton Hunyady
2017/02/01 12:21:50
Done.
|
| + account_info->auth_code = base::nullopt; |
| + } else { |
| + account_info->auth_code = auth_info; |
| + } |
| } |
| account_info->account_type = account_type; |
| account_info->is_managed = is_managed; |
| @@ -223,28 +231,41 @@ void ArcAuthService::RequestAccountInfoInternal( |
| // Hereafter asynchronous operation. Remember the notifier. |
| notifier_ = std::move(notifier); |
| - if (ArcSessionManager::IsArcKioskMode()) { |
| - // In Kiosk mode, use Robot auth code fetching. |
| - fetcher_ = base::MakeUnique<ArcRobotAuthCodeFetcher>(); |
| - } else if (base::FeatureList::IsEnabled(arc::kArcUseAuthEndpointFeature)) { |
| - // Optionally retrieve auth code in silent mode. |
| - fetcher_ = base::MakeUnique<ArcBackgroundAuthCodeFetcher>( |
| - ArcSessionManager::Get()->profile(), |
| - ArcSessionManager::Get()->auth_context()); |
| + Profile* profile = ArcSessionManager::Get()->profile(); |
| + const user_manager::User* user = nullptr; |
| + if (profile) |
| + user = chromeos::ProfileHelper::Get()->GetUserByProfile(profile); |
| + if (user && user->IsActiveDirectoryUser()) { |
| + // For Active Directory enrolled devices, we get an enrollment token for a |
| + // managed Google Play account from DMServer. |
| + fetcher_ = base::MakeUnique<ArcActiveDirectoryEnrollmentTokenFetcher>(); |
| + fetcher_->Fetch(base::Bind(&ArcAuthService::OnEnrollmentTokenFetched, |
| + weak_ptr_factory_.GetWeakPtr())); |
|
Luis Héctor Chávez
2017/01/31 18:01:09
nit: return; to avoid the else block altogether.
Marton Hunyady
2017/02/01 12:21:50
Done.
|
| } else { |
| - // Report that silent auth code is not activated. All other states are |
| - // reported in ArcBackgroundAuthCodeFetcher. |
| - UpdateSilentAuthCodeUMA(OptInSilentAuthCode::DISABLED); |
| - // Otherwise, show LSO page and let user click "Sign in" button. |
| - // Here, support_host should be available always. The case support_host is |
| - // not created is when 1) IsOptInVerificationDisabled() is true or 2) |
| - // IsArcKioskMode() is true. Both cases are handled above. |
| - fetcher_ = base::MakeUnique<ArcManualAuthCodeFetcher>( |
| - ArcSessionManager::Get()->auth_context(), |
| - ArcSessionManager::Get()->support_host()); |
| + // For non-AD enrolled devices an auth code is fetched. |
| + if (ArcSessionManager::IsArcKioskMode()) { |
| + // In Kiosk mode, use Robot auth code fetching. |
| + fetcher_ = base::MakeUnique<ArcRobotAuthCodeFetcher>(); |
| + } else if (base::FeatureList::IsEnabled(arc::kArcUseAuthEndpointFeature)) { |
| + // Optionally retrieve auth code in silent mode. |
| + DCHECK(profile); |
| + fetcher_ = base::MakeUnique<ArcBackgroundAuthCodeFetcher>( |
| + profile, ArcSessionManager::Get()->auth_context()); |
| + } else { |
| + // Report that silent auth code is not activated. All other states are |
| + // reported in ArcBackgroundAuthCodeFetcher. |
| + UpdateSilentAuthCodeUMA(OptInSilentAuthCode::DISABLED); |
| + // Otherwise, show LSO page and let user click "Sign in" button. |
| + // Here, support_host should be available always. The case support_host is |
| + // not created is when 1) IsOptInVerificationDisabled() is true or 2) |
| + // IsArcKioskMode() is true. Both cases are handled above. |
| + fetcher_ = base::MakeUnique<ArcManualAuthCodeFetcher>( |
| + ArcSessionManager::Get()->auth_context(), |
| + ArcSessionManager::Get()->support_host()); |
| + } |
| + fetcher_->Fetch(base::Bind(&ArcAuthService::OnAuthCodeFetched, |
| + weak_ptr_factory_.GetWeakPtr())); |
| } |
| - fetcher_->Fetch(base::Bind(&ArcAuthService::OnAuthCodeFetched, |
| - weak_ptr_factory_.GetWeakPtr())); |
| } |
| void ArcAuthService::OnAuthCodeFetched(const std::string& auth_code) { |
| @@ -264,4 +285,20 @@ void ArcAuthService::OnAuthCodeFetched(const std::string& auth_code) { |
| notifier_.reset(); |
| } |
| +void ArcAuthService::OnEnrollmentTokenFetched( |
| + const std::string& enrollment_token) { |
| + DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| + fetcher_.reset(); |
| + |
| + if (enrollment_token.empty()) { |
| + ArcSessionManager::Get()->OnProvisioningFinished( |
| + ProvisioningResult::CHROME_SERVER_COMMUNICATION_ERROR); |
| + return; |
| + } |
| + |
| + notifier_->Notify(true, enrollment_token, |
| + mojom::ChromeAccountType::ACTIVE_DIRECTORY_ACCOUNT, true); |
| + notifier_.reset(); |
| +} |
| + |
| } // namespace arc |
